NOMISEC-Gra3s/CVE-2022-30190_EXP_PowerPoint

NOMISEC WORKING POC
Exploit for CVE-2022-30190 - Microsoft Office Word MSDTJS
AI Analysis

This PoC exploits CVE-2022-30190 (Follina) via a crafted PowerPoint (PPSX) file that loads a malicious HTML payload from a remote server. The exploit leverages the MSDT URL protocol handler to achieve remote code execution (RCE).

Attack Type
RCE
Complexity
moderate
Reliability
reliable
MITRE ATT&CK
T1204.002 - Malicious File T1195.002 - Compromise Software Supply Chain
Loading exploit code...
Download ZIP Password: eip
Source
Platform Nomisec
Type client-side
Files 3
Stars 8
Forks 2
Last Push Mar 23, 2023
Authors
Gra3s
Vulnerability
CVE-2022-30190
Microsoft Office Word MSDTJS
HIGH KEV
CVSS 7.8